Just what is your address?

We're all pretty familiar with the common SMTP address - spam@make.it.go.away.com. And a lot of folks are happy with just one or two of these. But if you've migrated any users lately, set up cross-forest with MIIS, or just tried to reply to someone who's “left the building”, you've probably seen some strange-looking addresses and/or odd address types.

Or perhaps you've seen the attribute below on an object in the AD: legacyExchangeDN:/o=<org name>/ou=<site name>/cn=Recipients/cn=<alias>

Long ago, before Exchange 2000, Exchange implemented its own LDAP directory. You could almost say that Exchange 5.5 had the Active Directory built into it. (If you happen to still have a 5.5 server, fire up your LDAP client, ldp.exe, point it at your 5.5 server, and browse away! Bonus points if you know what port the SRS uses and why.) If you know much about LDAP, you'll know that each object has a Distinguished Name (DN) that works as a map to where it lives in the directory, much like a file on disk (for example, c:\orgname\sitename\recipients\alias.txt). If you moved an object it would get a new DN, just like if you moved this file to another folder it would become c:\orgname\sitename\recipients\newfolder\alias.txt.

This was neat because you could change the address on a user and we could still figure out which user to reply to. So we decided we would route mail based on DN, and mail would be stored as FROM: DN. But it promptly broke down if you moved an object in the LDAP tree. She (the object you just moved) gets a new DN, because she's in a new location in the tree, and voilà, she is essentially a brand new person, even if she has the same x400 or SMTP addresses.

As you can see this freed us from locking down your email addresses, but created other problems along the way. At some point, someone had the idea that we could "re-purpose" an address type, x500, and look there if we didn't find a matching DN. So, as an admin, I would create an address of type X500 (just like I create an address of type SMTP), and give it the value of your DN.

For example, your object might look something like this:

DN: o=<org name>/ou=<site name>/cn=Recipients/cn=newfolder/cn=<alias>

SMTP: spam@make.it.go.away.com

X500:/o=<org name>/ou=<site name>/cn=Recipients/cn=<alias>

All we had to do was keep an x500 address for each DN you ever had. Now you could move the object all you wanted! (Well kinda.... but this will be long enough without me discussing how free/busy and OAB's work as well.)

In Ex2k, we got smarter and created a new attribute called the legacyExchangeDN. After all, Windows was now in the Active Directory LDAP business, and we wouldn't have to deal with these kinds of details anymore. ;) So now your old 5.5 DN is actually a legacyExchangeDN which could actually be an x500 proxy. The legExDN was just an arbitrary format, and wasn't required to conform to LDAP requirements. Then we could solve some of the old moving problems, and still interoperate with clients that wanted to use DN style formats for resolving and routing mail.

In summary, you may think you're spam@make.it.go.away.com, but you are really legacyExchangeDN:/o=<org name>/ou=<site name>/cn=recipients/cn=<alias> to us! (And if we can't find you there, we'll check your x500!)
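The lookup order summarised above, as an added example that is not part of the original post or Exchange's own code: a toy Python model that matches on legacyExchangeDN first and falls back to X500 proxy addresses. The dictionary layout, the function names, case-insensitive matching and the ExampleOrg sample values are assumptions; `claimed_twice` is an extra audit check for DN-style values claimed by more than one object.

```python
from collections import defaultdict

def norm(dn):
    # Case-insensitive comparison is an assumption of this sketch.
    return dn.strip().lower()

def new_entry(alias, legacy_dn, smtp):
    return {"alias": alias, "legacyExchangeDN": legacy_dn,
            "proxyAddresses": ["SMTP:" + smtp]}

def x500_values(entry):
    return [p[5:] for p in entry["proxyAddresses"] if p[:5].upper() == "X500:"]

def move(entry, new_legacy_dn):
    """Assign a new DN and keep the old one as an X500 proxy address."""
    entry["proxyAddresses"].append("X500:" + entry["legacyExchangeDN"])
    entry["legacyExchangeDN"] = new_legacy_dn

def resolve(entries, dn):
    """Return (entry, matched_on): legacyExchangeDN first, then X500."""
    want = norm(dn)
    for e in entries:
        if norm(e["legacyExchangeDN"]) == want:
            return e, "legacyExchangeDN"
    for e in entries:
        if any(norm(v) == want for v in x500_values(e)):
            return e, "X500"
    return None, "unresolved"

def claimed_twice(entries):
    """Audit helper: DN-style values claimed by more than one object."""
    owners = defaultdict(set)
    for e in entries:
        for v in [e["legacyExchangeDN"]] + x500_values(e):
            owners[norm(v)].add(e["alias"])
    return {v: sorted(a) for v, a in owners.items() if len(a) > 1}

# Constructed sample data (hypothetical organisation and alias).
OLD = "/o=ExampleOrg/ou=SiteA/cn=Recipients/cn=alice"
NEW = "/o=ExampleOrg/ou=SiteA/cn=Recipients/cn=newfolder/cn=alice"

def demo():
    alice = new_entry("alice", OLD, "alice@example.com")
    move(alice, NEW)
    return [alice]

if __name__ == "__main__":
    entries = demo()
    for dn in (NEW, OLD, "/o=ExampleOrg/ou=SiteA/cn=Recipients/cn=bob"):
        entry, how = resolve(entries, dn)
        print(dn, "->", entry["alias"] if entry else None, how)
    print(claimed_twice(entries))
```

Mail stored with the old DN still resolves after the move because the old value survives as an X500 proxy; without that proxy the same lookup comes back unresolved.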

This was my first ever blog. If you liked it (or didn’t), or would like to hear me ramble on some other topic, send me feedback!

What I want to know is…where do I find the DN in Exchange Administrator? I would expect to find the DN value of a recipient (user or public folder) in the properties of the account. But they’re not there. My situation: I want to send an email to a public folder via the DN. Where the heck is the DN listed?

I hope you have an LDAP client like ldp.exe or adsi edit. As an administrator and a troubleshooter, I love these tools. You can find public folders under CN=Microsoft Exchange System Objects,DC=<domain>.

Otherwise fire up the Active Directory Users and Computers snap-in (forever after called dsa.msc). Click on view, then click on find.

In the upper left dropdown box, select custom search. Now click on the Fields button, then select public folders then select the attribute you want to search on. I used display name.

In the textbox under value enter your criteria. In my case I used myTestFolder.

Now click on view in the upper menubar, click on choose columns. Scroll all the way to the bottom to x500 distinguished name. Add it. Your DN will be displayed next to the search results.

Would someone please tell me I missed an easy way to do this? I was annoyed at just how much trouble that was.

I have one question. I am reading an Exchange 5.5 server via LDAP (MIIS) and I need to construct or read an X500 address for each recipient. In looking at the data it seems the only way I could do this is by massaging one of the values in the Obj-View-Containers attribute and concatenating it with rdn. Is this the correct approach or am I missing something?